Author Topic: Logic analyzer recommendation for reverse engineering  (Read 7072 times)


Offline carrote (Topic starter)

  • Newbie
  • Posts: 3
  • Country: gb
Logic analyzer recommendation for reverse engineering
« on: September 05, 2016, 10:07:56 pm »
Hi all,

I'm a noobie learning how to reverse engineer embedded devices. One of the tools I've been using for the past year is my trusty Saleae Logic 4, which I use to sniff UART ports on the devices I'm looking at.
However this Logic 4 has some limitations - it's quite slow at capturing data, which means I can't sniff JTAG or high speed SPI. So I'm looking for another logic analyzer that I can upgrade to.

So my use case is basically sniffing UART, JTAG and SPI signals. I might need to sniff other protocols later, such as CAN, USB and I2C. I'm not really sure how many channels I need at this point. Sometimes I also use my Saleae as a multimeter just to sniff out 3.3v signals and GND when looking for UART.

What's your recommendation? I've browsed around and there are the following choices:
- Saleae Logic Pro 8/16: pretty expensive, but the software is awesome and they support analog capture
- IkaLogic ScanaPLUS: cheaper, 9 channels, but maybe slower than Saleae and crappier software?
- DS Logic: pretty cheap, lots of channels, captures at almost the same speed as the Logic Pro ones, software seems OK

There's also another thing I don't really understand... how fast can these devices capture data? The data is all over the place, and sometimes it's mentioned in million samples per second, sometimes in MHz.
For example:
- Logic Pro: captures up to 500 million samples per second, but only supports 100 MHz on 4 channels, and 25 MHz on 8
- IkaLogic: says it captures at 100 MHz, but then they also say the maximum input bandwidth is 25 MHz (1 channel) | 16 MHz (4 channels) | 10 MHz (All 9 channels)
- DS Logic: samples at 400 MHz for 4 channels, but maximum input bandwidth is 50 MHz

On top of all of this, it seems that the Saleae streams directly into the PC, while the other two seem to buffer the input. I guess this means I can only capture a small amount of data on the Ikalogic and DS Logic?

What are your thoughts?

 

Offline uncle_bob

  • Supporter
  • ****
  • Posts: 2441
  • Country: us
Re: Logic analyzer recommendation for reverse engineering
« Reply #1 on: September 05, 2016, 10:14:28 pm »
Hi

This can get into all sorts of debates about clones and ripping off software. I'll avoid all of that gook and just cut to the end of the rant:

Go for the genuine Logic Pro 8/16 if that is the most you can afford to spend. Anything better will cost you more money. You very much do *not* want a clone that stops working with the next software update. I have a drawer full of them ....

Bob
 

Offline carrote (Topic starter)

  • Newbie
  • Posts: 3
  • Country: gb
Re: Logic analyzer recommendation for reverse engineering
« Reply #2 on: September 05, 2016, 10:37:20 pm »
Thanks for the advice Bob.

That's what I'm inclined for too. I've been looking at other analysers around the Logic Pro price point, and they look pretty good but the software makes a big difference. Plus it works natively in Linux, which is my main OS.

Any thoughts on the Pro 8 vs the Pro 16 for my use case? I know the price difference is only 20%, but still thinking if I will ever need more than 8 channels.
 

Offline uncle_bob

  • Supporter
  • ****
  • Posts: 2441
  • Country: us
Re: Logic analyzer recommendation for reverse engineering
« Reply #3 on: September 05, 2016, 10:53:00 pm »
> Thanks for the advice Bob.
>
> That's what I'm inclined for too. I've been looking at other analysers around the Logic Pro price point, and they look pretty good but the software makes a big difference. Plus it works natively in Linux, which is my main OS.
>
> Any thoughts on the Pro 8 vs the Pro 16 for my use case? I know the price difference is only 20%, but still thinking if I will ever need more than 8 channels.

Hi

Unless you are in a major cash crunch, the Logic 16 is pretty much the only choice. You always will hit a case that needs more lines eventually.

Bob
 

Offline 0xdeadbeef

  • Super Contributor
  • ***
  • Posts: 1570
  • Country: de
Re: Logic analyzer recommendation for reverse engineering
« Reply #4 on: September 05, 2016, 11:19:09 pm »
> There's also another thing I don't really understand... how fast can these devices capture data? The data is all over the place, and sometimes it's mentioned in million samples per second, sometimes in MHz.
> For example:
> - Logic Pro: captures up to 500 million samples per second, but only supports 100 MHz on 4 channels, and 25 MHz on 8
> - IkaLogic: says it captures at 100 MHz, but then they also say the maximum input bandwidth is 25 MHz (1 channel) | 16 MHz (4 channels) | 10 MHz (All 9 channels)
> - DS Logic: samples at 400 MHz for 4 channels, but maximum input bandwidth is 50 MHz

You mix up sample rate with bandwidth. If you sample with a 100MHz clock, it doesn't necessarily mean you can capture a 100MHz clock.
Note that the DSLogic has shielded probes and also supports RLE encoding as well as streaming. The software is OK, but nothing great.
Regarding the Saleae: capturing analog signals with bare unshielded cables is somewhat questionable for higher bandwidths. Also the voltage range is very limited.
Last time I looked into it, the trigger options were very basic. I understand though that the Saleae software is the only one that captures very long recordings without issues.
The Ikalogic is special in that it always captures with 100MHz - but as the USB2 bandwidth is limited, you can't capture signals that really change that fast.
Then again, it's somewhat questionable if capturing signals which change with >=50MHz would work all that great with cheap unshielded cables.
Ikalogic Software is quite good, but the new software V2.4 doesn't run all that great on some machines. On my brand new PC at home, it works OK, but on the older core i7 at work, it doesn't work at all - captures nonsense in most of the cases. V2.3 works better but is buggy and not updated anymore.
At the moment, I'm using ScanaPlus and DSLogic Pro in parallel. DSLogic simply always works, it has 16ch and more than enough bandwidth and memory for my use cases.
Ikalogic has a much better GUI, better trigger options and some protocol decoder things I like better, but neither the capturing nor the triggering is 100% reliable and the software progress is incredibly slow.
Trying is the first step towards failure - Homer J. Simpson
 

Offline amyk

  • Super Contributor
  • ***
  • Posts: 8240
Re: Logic analyzer recommendation for reverse engineering
« Reply #5 on: September 06, 2016, 03:11:50 am »
Get a good used standalone HP logic analyser. More channels, sample rate, and features than you'll probably need, and pretty cheap too. All the ones you mentioned seem like overpriced toys in comparison. ;)
« Last Edit: September 06, 2016, 03:17:16 am by amyk »
 

Offline 0xdeadbeef

  • Super Contributor
  • ***
  • Posts: 1570
  • Country: de
Re: Logic analyzer recommendation for reverse engineering
« Reply #6 on: September 06, 2016, 06:24:46 am »
Nah, they had their time and might still be used to debug µCs (without built-in debugging support) with external bus or to set up a complex trigger pattern, but for sniffing SPI, UART and stuff like this, they are simply a pain in the rear compared to a USB LA.
I used several HP and Agilent LAs at work and wouldn't touch them with a ten foot pole for normal SPI etc. stuff while I can use a USB LA.
Trying is the first step towards failure - Homer J. Simpson
 

Offline forrestc

  • Supporter
  • ****
  • Posts: 646
  • Country: us
Re: Logic analyzer recommendation for reverse engineering
« Reply #7 on: September 06, 2016, 07:27:46 am »
> So my use case is basically sniffing UART, JTAG and SPI signals. I might need to sniff other protocols later, such as CAN, USB and I2C. I'm not really sure how many channels I need at this point. Sometimes I also use my Saleae as a multimeter just to sniff out 3.3v signals and GND when looking for UART.

Personally I hate using a logic analyzer for this type of work. Capture and display is a pain in the arse. I usually end up using some sort of sniffer - for instance for async serial I have a host of various FTDI (or more likely now, MCP2200) breakout boards to permit me just to gather the stream in a terminal (or protocol decoder) program on the PC. For I2C, SPI, and USB, I have Total Phase Beagle analyzers. I also have a couple of low cost CAN and LIN transceivers which do something similar. There's nothing better than not having to capture, then analyze - I'd rather just get a pauseable realtime stream. There are lots of options out there.

That said, I truly understand the advantage of having a low cost option. I have done a lot of capture and decode over the years.

I do have one specific recommendation: Take a strong look at the zeroplus LAP-C products. I have a 16128 which is my go-to tool for when I am trying to decode something I don't have a purpose-built tool for. With over 100 protocol decoders included, it's a very strong contender. I should also note that I have a Saleae Logic 8, and also a Pro 16 and they are definitely solid contenders as well. I think the LAP-C wins for breadth of decode and feature set, but the Pro 16 is a lot nicer product (better UI, more compact, etc), which now supports a fairly decent set of protocol decoders.
 

Offline carrote (Topic starter)

  • Newbie
  • Posts: 3
  • Country: gb
Re: Logic analyzer recommendation for reverse engineering
« Reply #8 on: September 06, 2016, 07:41:19 am »
> > So my use case is basically sniffing UART, JTAG and SPI signals. I might need to sniff other protocols later, such as CAN, USB and I2C. I'm not really sure how many channels I need at this point. Sometimes I also use my Saleae as a multimeter just to sniff out 3.3v signals and GND when looking for UART.
>
> Personally I hate using a logic analyzer for this type of work. Capture and display is a pain in the arse. I usually end up using some sort of sniffer - for instance for async serial I have a host of various FTDI (or more likely now, MCP2200) breakout boards to permit me just to gather the stream in a terminal (or protocol decoder) program on the PC. For I2C, SPI, and USB, I have Total Phase Beagle analyzers. I also have a couple of low cost CAN and LIN transceivers which do something similar. There's nothing better than not having to capture, then analyze - I'd rather just get a pauseable realtime stream. There are lots of options out there.
>
> That said, I truly understand the advantage of having a low cost option. I have done a lot of capture and decode over the years.
>
> I do have one specific recommendation: Take a strong look at the zeroplus LAP-C products. I have a 16128 which is my go-to tool for when I am trying to decode something I don't have a purpose-built tool for. With over 100 protocol decoders included, it's a very strong contender. I should also note that I have a Saleae Logic 8, and also a Pro 16 and they are definitely solid contenders as well. I think the LAP-C wins for breadth of decode and feature set, but the Pro 16 is a lot nicer product (better UI, more compact, etc), which now supports a fairly decent set of protocol decoders.

I also have some FTDI devices, but I'm looking for something like plug-n-play as a beginning. I expect to start coding my own tools as I become more familiar and proficient and use stuff like GPIO with FTDI, BeagleBlack programming, etc, to sniff out protocols.

The LAP-C looks pretty good, but it seems it has the same weakness as most of these Chinese products - it only works on Windows. My main OS is Linux, but I guess I could do a USB passthrough to a virtual machine. How is the sampling size compared to the Logic Pro?

Also, how does the PicoScope 2000 compare to all of the ones discussed above? The specs look pretty awesome, and it has Linux support. My only doubt is the sampling size compared to the Logic Pro.
 

Offline 0xdeadbeef

  • Super Contributor
  • ***
  • Posts: 1570
  • Country: de
Re: Logic analyzer recommendation for reverse engineering
« Reply #9 on: September 06, 2016, 07:49:37 am »
> The LAP-C looks pretty good, but it seems it has the same weakness as most of these Chinese products - it only works on Windows. My main OS is Linux, but I guess I could do a USB passthrough to a virtual machine. How is the sampling size compared to the Logic Pro?

LAP-C is completely outdated. I have one in the drawer, even pimped up to the maximum memory (4.5MBit), but still the resulting 256k (or so) samples are a joke compared to any of the devices you named before.
E.g. the DSLogic Pro has 256MBit which means you can sample 16MSamples with 16 channels, even much more if you enable RLE. Plus you can use stream mode for smaller capture frequencies.
Trying is the first step towards failure - Homer J. Simpson
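
The memory-depth arithmetic and the RLE point from the reply above, as an added example that is not part of any post in this thread. It assumes 1 Mbit = 1024×1024 bits and a generic run-length record of 32 bits; the DSLogic's actual on-device RLE format is not described on this page, and the UART test signal is constructed.

```python
# Added example: capture depth, capture time and a generic RLE scheme.
# Assumptions: 1 Mbit = 1024*1024 bits; an RLE record is 32 bits
# (16-bit channel state + 16-bit run count). Not DSLogic's real format.

MEM_BITS = 256 * 1024 * 1024   # "256MBit" buffer quoted in the post
CHANNELS = 16

def raw_depth(mem_bits=MEM_BITS, channels=CHANNELS):
    """Samples that fit when each sample stores one bit per channel."""
    return mem_bits // channels

def capture_seconds(depth, sample_rate_hz):
    """How long a buffer of `depth` samples lasts at a given sample rate."""
    return depth / sample_rate_hz

def uart_frame(byte):
    """8N1 frame as line levels: start (0), 8 data bits LSB first, stop (1)."""
    return [0] + [(byte >> i) & 1 for i in range(8)] + [1]

def sample_uart(data, samples_per_bit, idle_bits):
    """Constructed signal: one UART line, idle (high) gap after each byte."""
    samples = []
    for b in data:
        for level in uart_frame(b) + [1] * idle_bits:
            samples.extend([level] * samples_per_bit)
    return samples

def rle_encode(samples, max_run=0xFFFF):
    """Collapse repeated states into [state, run_length] records."""
    runs = []
    for s in samples:
        if runs and runs[-1][0] == s and runs[-1][1] < max_run:
            runs[-1][1] += 1
        else:
            runs.append([s, 1])   # new state, or run counter is full
    return runs

def rle_decode(runs):
    """Expand records back into the original sample stream."""
    return [state for state, n in runs for _ in range(n)]

def buffer_bits(samples, channels=CHANNELS, record_bits=32):
    """Bits of buffer used: (raw storage, RLE storage)."""
    return len(samples) * channels, len(rle_encode(samples)) * record_bits

if __name__ == "__main__":
    sig = sample_uart(b"U\x00", samples_per_bit=10, idle_bits=10)
    raw, rle = buffer_bits(sig)
    print(raw_depth(), capture_seconds(raw_depth(), 100e6), raw, rle)
```

Without compression the buffer lasts well under a second at 100 MHz, while a mostly idle serial line collapses into a handful of records, which is why RLE stretches capture time so much on slow buses.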
 

Offline pix3l

  • Regular Contributor
  • *
  • Posts: 83
  • Country: nl
  • Let's pix3l8e
Re: Logic analyzer recommendation for reverse engineering
« Reply #10 on: September 06, 2016, 07:50:31 am »
For me, Saleae is the way to go. The device and software by dreamsourcelabs had some mixed messages about whether they're still working on it/improving/bugfixing or not. Saleae certainly is.

The comments about using FTDI chips when possible I agree with, but these can't simply always be used. When debugging or reverse engineering devices containing logic chips / FPGA's you'll really see the power of a logic analyzer.

 

Offline 0xdeadbeef

  • Super Contributor
  • ***
  • Posts: 1570
  • Country: de
Re: Logic analyzer recommendation for reverse engineering
« Reply #11 on: September 06, 2016, 08:19:10 am »
Well, even if I'm not happy with the GUI yet and the latest (fixed!!!) color change was a great step back, there is some (slow) progress with DSView (the GUI of DSLogic).
E.g. the protocol decoder speed seems to have dramatically increased in the last release.
Also I understand you could use Sigrok, but ain't sure to what degree (e.g. RLE compression and trigger options might suffer). After all, DSView is some kind of Sigrok spinoff.
The good thing about DSLogic is that everything is open source. Even the FPGA code. So e.g. the RLE compression was initiated by a community member.
Talking of the Saleae (who came up with that terrible name anyway?): the last time I had a look, the trigger options were really basic. Did this change lately?
Even if I'm not happy at all with the progress of the Ikalogic GUI, the V2.4 introduced protocol triggers which is quite unique in this price class.
Also the trigger conditions are somewhat complex even though IMHO they kinda messed up the trigger setup a bit compared to V2.3.
It's a shame that people who develop USB LAs obviously never worked with a classic LA to get an idea of how a complex trigger setup should be implemented.
Trying is the first step towards failure - Homer J. Simpson
 

Offline forrestc

  • Supporter
  • ****
  • Posts: 646
  • Country: us
Re: Logic analyzer recommendation for reverse engineering
« Reply #12 on: September 06, 2016, 08:22:42 am »
> > The LAP-C looks pretty good, but it seems it has the same weakness as most of these Chinese products - it only works on Windows. My main OS is Linux, but I guess I could do a USB passthrough to a virtual machine. How is the sampling size compared to the Logic Pro?
>
> LAP-C is completely outdated. I have one in the drawer, even pimped up to the maximum memory (4.5MBit), but still the resulting 256k (or so) samples are a joke compared to any of the devices you named before.
> E.g. the DSLogic Pro has 256MBit which means you can sample 16MSamples with 16 channels, even much more if you enable RLE. Plus you can use stream mode for smaller capture frequencies.

I'll agree with this statement 100% - as far as sample size and speed the device is definitely getting long in the tooth. The main advantage being the deep protocol decode, although it looks like a lot of the newer competitors are coming up to speed. If it was me, and I was looking at the DSLogic Pro and/or the Saleae Logic Pro16, I believe that those would have most of the protocols that I would be using - certainly everything the original poster wanted - and with the advantage of the deeper memory and faster USB interface, I'd probably head in one of those two directions.





 

Offline 0xdeadbeef

  • Super Contributor
  • ***
  • Posts: 1570
  • Country: de
Re: Logic analyzer recommendation for reverse engineering
« Reply #13 on: September 06, 2016, 08:32:26 am »
There is a slight difference in the price tag though. The DSLogic Pro is currently available for ~$70.
That's simply unbeatable for an open source 16ch LA with 256Mbit memory, shielded probes and sensible input protection.
Trying is the first step towards failure - Homer J. Simpson
 

